Joined 11 months ago
Cake day: October 28th, 2023

  • It’s really hard to tell, and the devil is in the details.

    On bare metal, a single server containing both the front-end application and the DB may be faster (no networking overhead), but only to a point. As load increases, a split system (front-end on one machine, DB on another, or even on a cluster) becomes more attractive.

    When everything is virtualized and machines talk to each other over virtual interfaces, I would think a single database server usable by multiple front-end applications would be a good idea. This way, you have only one DB server overhead. Also, maintenance is more straightforward; you look after a single database server, even though it contains multiple databases.

    It’s probably a good idea to pair each application with a dedicated database (within the same database server) and assign each application a unique user name with rights only for that database.
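
The per-application database and account layout suggested in the comment above, as an added example that is not part of the original comment. It assumes MySQL/MariaDB syntax; the database names, account names, the `10.0.0.%` front-end subnet and the passwords are constructed placeholders.

```sql
-- Added example: two applications sharing one database server, each with
-- its own database and its own account. All names and the subnet are
-- constructed. Database names avoid '_' because MySQL/MariaDB treat it as
-- a wildcard in database-level GRANT statements.

CREATE DATABASE IF NOT EXISTS wikidb  CHARACTER SET utf8mb4;
CREATE DATABASE IF NOT EXISTS clouddb CHARACTER SET utf8mb4;

-- One account per application, accepted only from the front-end subnet.
CREATE USER IF NOT EXISTS 'wikiapp'@'10.0.0.%'  IDENTIFIED BY 'CHANGE_ME_wiki';
CREATE USER IF NOT EXISTS 'cloudapp'@'10.0.0.%' IDENTIFIED BY 'CHANGE_ME_cloud';

-- Rights scoped to the application's own database: no global (*.*) grant
-- and no GRANT OPTION, so a compromised front end cannot read or alter
-- the other application's data.
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, INDEX, DROP
  ON wikidb.*  TO 'wikiapp'@'10.0.0.%';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, INDEX, DROP
  ON clouddb.* TO 'cloudapp'@'10.0.0.%';

-- Check 1: the effective grants for each account.
SHOW GRANTS FOR 'wikiapp'@'10.0.0.%';
SHOW GRANTS FOR 'cloudapp'@'10.0.0.%';

-- Check 2: server-wide privileges held by the application accounts.
-- Should return no rows (USAGE means "no privileges").
SELECT grantee, privilege_type
FROM information_schema.USER_PRIVILEGES
WHERE grantee IN ('''wikiapp''@''10.0.0.%''', '''cloudapp''@''10.0.0.%''')
  AND privilege_type <> 'USAGE';

-- Check 3: database-level privileges outside the account's own database.
-- Should also return no rows.
SELECT grantee, table_schema, privilege_type
FROM information_schema.SCHEMA_PRIVILEGES
WHERE (grantee = '''wikiapp''@''10.0.0.%'''  AND table_schema <> 'wikidb')
   OR (grantee = '''cloudapp''@''10.0.0.%''' AND table_schema <> 'clouddb');
```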



  • Please elaborate. What do you expect your box to do? And how many ports do you need?

    Assuming you’re not planning for anything computationally intensive such as VPN or deep packet inspection, you can take a look at the four-port Sophos SG 105 / XG 105 (will require one change in BIOS settings for pfSense to install and run) or a five-port Barracuda F12 (doesn’t have video output and therefore will require a console cable for installation). Occasionally, the six-port Check Point T-110 pops up at low prices. Very occasionally, someone lists for cheap a Lanner unit with anywhere between two and six ports. Four-port Sophos UTM 110/120 units still pop up occasionally, but those are REALLY old (went out of support in 2018).

    You may happen upon a three-port APU or a rebrand thereof (SimpleWAN or even Netgate; they used to sell pfSense Plus preinstalled on APUs), but those are extremely configurable and sometimes come with stock OS installed on a CF card, so you may need to buy an mPCIe SSD separately.

    And, of course, oodles of dual-RJ-45 mini-PCs, new and used. Potential problem with those is, the cheaper they are, the more likely they are to come with Realtek NICs (and those NICs used to have a big stigma in the pfSense community due to poor drivers; more recently, things have improved, but many people still don’t want to deal with Realtek). Also, if the seller doesn’t know or doesn’t say what the NICs are, they are probably Realtek.




  • Can anybody recommend a cheap computer that can run Linux and has an Ethernet port with built in LTE or 3G?

    First off, 3G is either dead or dying. All major U.S. carriers, for example, shut down 3G service in 2022. Globally, it’s probably similar. So your minimum is LTE.

    To answer your question, no. Unless you happen upon a used device and the seller doesn’t know what they have, this is not cheap tech. And when it is cheap, it is often because it has vendor locks.

    For example, I once bought a Datto DNA-VZ5 (a rebranded Axiomtek NA361) from a recycler. It had six Ethernet ports (4 x Intel i354 + 2 x Intel i210), Wi-Fi (Qualcomm Atheros QCA986x/988x, which is AC standard), and a cellular modem (Sequans VZ20M). The problem is, there are no open-source drivers for Sequans VZ20M. Further, the U.S. version is locked onto Verizon, and the Canadian version, onto Rogers. Further still, the device is somewhat larger than a typical desktop router, actively cooled, painted bright blue, and has a total of five antennas (three for Wi-Fi and two for cellular) on two opposing sides of the case. So even if you were able to make it work (for example, by replacing the Sequans card with a more open-source-friendly one), it still wouldn’t meet your aesthetic criteria.

    Here’s what you can do. Find out what devices your cellular provider offers, then see if you can find those or similar in the secondary market… Most likely, you will end up with a standalone cellular modem. You may be able to find a cellular modem implemented as a PCI card (which you can install into any PC with a PCI slot; those are usually SFF or larger) or as an m.2 / mPCIe card (which you can use in a mini-PC if you take out the Wi-Fi card and replace Wi-Fi antennas with cellular ones). But either way, you’re highly unlikely to keep it under USD 100…



  • Nay, emphatically. Out of the box, a new SMTP server is treated by peers as yet another spam delivery vehicle. You have to prove to the world you’re not a fly-by-night spammer. There are certain things you have to do with your domain’s MX record, as well as in terms of SMTP server configuration. Oh, and if you’re ever caught with an open relay on port 25, that will get you blacklisted instantaneously…